A Reference Security Management Plan
for Energy Infrastructure
Prepared by the Harnser Group for the European Commission
Under Contract TREN/C1/185/2009
Foreword
The European Union is developing its policy on critical energy infrastructures in relation to the European Programme for Critical Infrastructure Protection (“EPCIP”) which considers measures that will enhance, where necessary, the level of protection of certain infrastructures against external threats.
The integrity of energy infrastructures and their reliable operation are key factors in ensuring the supply of energy, which is vital for the well-being of citizens and the functioning of the economy. For this reason energy infrastructure is considered a priority for the implementation of the EPCIP; hence the policy adopted in December 2008 under Council Directive 2008/114/EC, on the identification and designation of European critical infrastructures and the need to improve their protection, has the energy sector in its scope. As one of a number of requirements, this Directive included the creation of an Operator Security Plan for all infrastructures designated as European Critical.
The European Commission’s Directorate General for Energy tasked an external contractor to prepare a non-binding Reference Security Management Plan. This is intended to be a useful guidebook for operators of energy infrastructure Assets, systems or parts thereof, independent of their classification as European Critical or under another national category. It concentrates on malicious, human-origin threats, whilst paying attention to all related aspects of an operation. The Reference Security Management Plan is written from the operator’s perspective, from the need to comply with existing national or international legal and technical frameworks, through to integrating good security risk management within the overall corporate strategic and governance objectives of the company responsible for the infrastructure. Although this document sets out a complete process useful for creating a robust and enduring Operator Security Plan, operators may decide to use those elements that complement their existing policies and procedures.
Whatever the use made of this document by operators, the process contained therein contributes to a shared objective of improving the security of energy infrastructures.
This Reference Security Management Plan is written in the form of a guidebook and has a single goal: to provide a practical methodology to help an owner/operator of an energy infrastructure Asset create and embed a robust and appropriate security framework around an Asset that can be adapted and updated as and when change occurs.
The methodology in the guidebook is presented as a complete process supported by guidance notes and templates to assist a Security Manager in the development and implementation of a Security Management Plan for a specific Asset, that not only fits within the overall risk management framework of the owner/operator, but also reflects best-practice thinking on all aspects of risk identification, assessment, design and implementation.
The process is based on the security risk management methodology developed under PRISM™, a Performance and Risk-based Integrated Security Methodology developed by Harnser Group aimed at delivering practical advice and guidance to companies working in the energy sector. It is based on experience and an understanding of the challenges that many Security Managers face in raising awareness of security and resilience issues within an owner/operator.
Primary ownership of security risk resides with the owners of energy infrastructure, regardless of location. Indeed the energy infrastructure network across the European Union transcends national boundaries in a complex supply chain of interdependent relationships, each...